NASLDB: Debian DSA-2151-1 : openoffice.org - several vulnerabilities
General
ID: 51677
Name: Debian DSA-2151-1 : openoffice.org – several vulnerabilities
Summary: Checks dpkg output for the updated package
Credits: –
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –
Port: 0
Family: Debian Local Security Checks
Type: Local
Description
Several security-related problems have been discovered in the
OpenOffice.org package that allow malformed documents to trick the
system into crashes or even the execution of arbitrary code.
– CVE-2010-3450
During an internal security audit within Red Hat, a
directory traversal vulnerability has been discovered in
the way OpenOffice.org 3.1.1 through 3.2.1 processes XML
filter files. If a local user is tricked into opening a
specially-crafted OOo XML filters package file, this
problem could allow remote attackers to create or
overwrite arbitrary files belonging to the local user or,
potentially, execute arbitrary code.
– CVE-2010-3451
During his work as a consultant at Virtual Security
Research (VSR), Dan Rosenberg discovered a vulnerability
in OpenOffice.org’s RTF parsing functionality. Opening a
maliciously crafted RTF document can cause an
out-of-bounds memory read into previously allocated heap
memory, which may lead to the execution of arbitrary
code.
– CVE-2010-3452
Dan Rosenberg discovered a vulnerability in the RTF file
parser which can be leveraged by attackers to achieve
arbitrary code execution by convincing a victim to open
a maliciously crafted RTF file.
– CVE-2010-3453
As part of his work with Virtual Security Research, Dan
Rosenberg discovered a vulnerability in the
WW8ListManager::WW8ListManager() function of
OpenOffice.org that allows a maliciously crafted file to
cause the execution of arbitrary code.
– CVE-2010-3454
As part of his work with Virtual Security Research, Dan
Rosenberg discovered a vulnerability in the
WW8DopTypography::ReadFromMem() function in
OpenOffice.org that may be exploited by a maliciously
crafted file which allows an attacker to control program
flow and potentially execute arbitrary code.
– CVE-2010-3689
Dmitri Gribenko discovered that the soffice script does
not treat an empty LD_LIBRARY_PATH variable like an
unset one, which may lead to the execution of arbitrary
code.
– CVE-2010-4253
A heap-based buffer overflow has been discovered with
unknown impact.
– CVE-2010-4643
A vulnerability has been discovered in the way
OpenOffice.org handles TGA graphics: a specially crafted
TGA file could cause the program to crash due to a
heap-based buffer overflow with unknown impact.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2010-3450
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: 2011/01/26
Plugin Release: 2011/01/27
Plugin
Version: 1.10
Filename: debian_DSA-2151.nasl
Filesize: 6190 bytes
MD5 Hash: 5e24df54b61a0ff64752104c5d4bc4c4
Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"
Dependencies: "ssh_get_info.nasl"
Copyright: This script is © 2011-2012 Tenable Network Security, Inc.